Publication number: US20150256345A1
Publication date: 2015-09-10
Application number: US14279109
Filing date: 2014-05-15
Applicant: Apple Inc.
Inventor: Yousuf H. VAID, Christopher B. SHARP, Medhi ZIAT, Li LI, Jerrold Von HAUCK, Ramiro SARMIENTO, Jean-Marc PADOVA
IPC: H04L9/32
CPC classification number: H04L9/3268
Abstract: Disclosed herein is a technique for revoking a root certificate from at least one client device. In particular, the technique involves causing a secure element—which is included in the at least one client device and is configured to store the root certificate as well as at least one backup root certificate—to permanently disregard the root certificate and prevent the at least one client device from utilizing the specific root certificate. According to one embodiment, this revocation occurs in response to receiving a revocation message that directly targets the root certificate, where the message includes at least two levels of authentication that are verified by the secure element prior to carrying out the revocation. Once the root certificate is revoked, the secure element can continue to utilize the at least one backup root certificate, while permanently disregarding the revoked root certificate.